Major management apparatus, authorized management apparatus, electronic apparatus for delegation management, and delegation management methods thereof

ABSTRACT

A major management apparatus, an authorized management apparatus, an electronic apparatus for delegation management, and delegation management methods thereof are provided. The major management apparatus generates a first and a second delegation deployment messages and respectively transmits them to the authorized management apparatus and the electronic apparatus. The authorized management apparatus encrypts an original authorized operation message into an authorized operation message by an authorization key included in the first delegation deployment message and transmits the authorized operation message to the electronic apparatus. The original authorized operation message includes an operation task message and a right level. The electronic apparatus decrypts the authorized operation message into the original authorized operation message by the authorization key included in the second delegation deployment message and performs an operation according to the operation task message and the right level.

PRIORITY

This application is a divisional of U.S. patent application Ser. No.13/769,349 filed on Feb. 17, 2013, which claims the benefit from thepriority of Taiwan Patent Application No. 101146852 filed on Dec. 12,2012, the disclosures of both of which are incorporated by referenceherein in their entirety.

FIELD

The present invention relates to a major management apparatus fordelegation management and delegation management method thereof. Moreparticularly, the present invention relates to a major managementapparatus and delegation management method thereof that performmanagement operations through delegation management.

BACKGROUND

The network technologies have been developed for many years. FIG. 1Adepicts a schematic architecture of a conventional network system 1. Thenetwork system 1 comprises a server 11, a gateway 15, and a plurality ofelectronic apparatuses 17. The server 11 connects to the gateway 15 viathe Internet 13 and connects to the electronic apparatuses 17 via thegateway 15. In recent years, this architecture of the network system 1is often used in Internet of Things (IoT) systems, for example, inAdvanced Metering Infrastructure (AMI) systems. When the network system1 is an AMI system, the server 11 may be a meter data management system(MDMS), the gateway 15 may be a concentrator, and the electronicapparatuses 17 may each be a smart meter.

When the network system 1 is an IoT system, the server 11 has to accessinformation (e.g., read power consumption data collected and stored inthe smart meters, set the Time of Use (TOU) parameters of the smartmeters, control statuses (On or Off) of power supply switches in thesmart meters, activate and execute the firmware updating function of thesmart meters, and so on) from the electronic apparatuses 17 frequently.Since the network system 1 is often of a very large scale, the number ofthe electronic apparatuses 17 is great (e.g., in an AMI system, thenumber of the smart meters is usually on the order of millions) and theaccess operations of the electronic apparatuses 17 are very complex.When the operations are executed in the aforesaid centralized way (i.e.,all the electronic apparatuses 17 are accessed by the server 11directly), a poor efficiency is often caused. Therefore, a distributedoperation mode has to be adopted in which the server delegates the rightof accessing the electronic apparatuses 17 to the gateways 15 so thatthe gateways 15 are authorized to execute the operations. Thedistributed operation mode can improve the operation efficiency.

Please refer to FIG. 1B. In the distributed system environment, when asystem 112 (i.e., a delegator) delegates another system 113 (i.e., adelegatee) to access resources from a service system 114 according tothe prior art, the system (delegator) 112 issues an authorizationcredential to the system (delegatee) 113 and then the system (delegatee)113 generates an access request according to the right authorized andtransmits the authorization credential and the access request to theservice system 114. After checking and verifying related rights, theservice system 114 executes the access operation.

The authorization credential mainly comprises an identity of thedelegator, an identity of the delegate, a privilege and so on, which maybe in the form of the X.509 Privilege Attribute Certificate, theKerberos Ticket, or various forms of Delegation Certificate. Inpractical operations, the access request does not comprise the privilegeinformation, so it must be used in combination with the authorizationcredential. In addition, message verification and relevance check mustbe performed by the service system 114 on the authorization credentialand the access request. Therefore, the operations are relativelycomplex. Moreover, the meaning of the privilege is not specified in thetwo messages, so the privilege must be interpreted and controlled by theservice system 114 independently. Therefore, related security problemsare likely to occur due to the inexplicit definition. Furthermore,although the access data is carried in the authorization credential inanother implementation, the system (delegatee) 113 cannot independentlygenerate the access request message as needed according to the rightauthorized in this implementation because the authorization credentialcan only be generated by the system (delegator) 112. As a result, thisimplementation not only has poor flexibility in use, but the system(delegator) 112 must also generate an authorization credential for eachaccess operation, which causes a heavy workload of this system. Whenthis implementation is applied to the aforesaid IoT system, the effectof distributed processing cannot be achieved. Accordingly, an urgentneed exists in the art to provide a delegation mechanism that is simpleand flexible in use so as to solve the aforesaid problems.

SUMMARY

To solve the aforesaid problems, the present invention provides a majormanagement apparatus, an authorized management apparatus, an electronicapparatus for delegation management, and delegation management methodsthereof.

The major management apparatus for delegation management according tocertain embodiments of the present invention is suitable for use in anetwork system. The network system comprises the major managementapparatus, an authorized management apparatus, and an electronicapparatus. The major management apparatus comprises a processing unitand a transceiving interface electrically connected to the processingunit.

The processing unit is configured to generate a first delegationdeployment message and a second delegation deployment message. The firstdelegation deployment message comprises an authorization key, a rightlevel, and a right token. The second delegation deployment messagecomprises the authorization key and a right verification message.

The transceiving interface is configured to transmit the firstdelegation deployment message to the authorized management apparatus sothat the authorized management apparatus uses the authorization key toencrypt an original authorized operation message into an authorizedoperation message. The transceiving interface further transmits thesecond delegation deployment message to the electronic apparatus so thatthe electronic apparatus uses the authorization key to decrypt theauthorized operation message from the authorized management apparatusinto the original authorized operation message and so that theelectronic apparatus performs a verification procedure by the rightverification message as well as the right level and an operation taskmessage comprised in the original authorized operation message andexecutes an operation according to the right level and the operationtask message.

The authorized management apparatus for delegation management accordingto certain embodiments of the present invention is suitable for use in anetwork system. The network system comprises the authorized managementapparatus, a major management apparatus, and an electronic apparatus.The authorized management apparatus comprises a first transceivinginterface, a storage unit, a processing unit, and a second transceivinginterface. The processing unit is electrically connected to the firsttransceiving interface, the storage unit, and the second transceivinginterface. The first transceiving interface is configured to receive adelegation deployment message from the major management apparatus. Thestorage unit is configured to store an authorization key, a right level,and a right token comprised in the delegation deployment message.

The processing unit is configured to perform a verification patterncalculation by the authorization key, the right token, the right level,and an operation task message and encrypt an original authorizedoperation message into an authorized operation message by theauthorization key. The original authorized operation message comprisesthe operation task message and the right level. The second transceivinginterface is configured to transmit the authorized operation message tothe electronic apparatus so that the electronic apparatus performs averification procedure by a right verification message as well as theright level and the operation task message comprised in the originalauthorized operation message and so that the electronic apparatusexecutes an operation according to the right level and the operationtask message.

The electronic apparatus for delegation management according to certainembodiments of the present invention is suitable for use in a networksystem, wherein the network system comprises the electronic apparatus, amajor management apparatus, and an authorized management apparatus. Theelectronic apparatus comprises a transceiving interface, a storage unit,and a processing unit electrically connected to the transceivinginterface and the storage unit. The transceiving interface is configuredto receive a delegation deployment message from the major managementapparatus and receive an authorized operation message from theauthorized management apparatus. The storage unit is configured to storean authorization key and a right verification message comprised in thedelegation deployment message. The processing unit is configured todecrypt the authorized operation message into an original authorizedoperation message by the authorization key so as to obtain an operationtask message and a right level. The processing unit further performs averification pattern calculation by the right level and the operationtask message comprised in the original authorized operation message, theauthorization key, and the right verification message, and executes anoperation according to the right level and the operation task message.

The delegation management method according to certain embodiments of thepresent invention is suitable for use in a major management apparatus. Anetwork system comprises the major management apparatus, an authorizedmanagement apparatus, and an electronic apparatus.

The delegation management method comprises the following steps of:

(a) generating a first delegation deployment message, wherein the firstdelegation deployment message comprises an authorization key, a rightlevel, and a right token;

(b) generating a second delegation deployment message, wherein thesecond delegation deployment message comprises the authorization key anda right verification message;

(c) transmitting the first delegation deployment message to theauthorized management apparatus so that the authorized managementapparatus uses the authorization key to encrypt an original authorizedoperation message into an authorized operation message; and

(d) transmitting the second delegation deployment message to theelectronic apparatus so that the electronic apparatus uses theauthorization key to decrypt the authorized operation message from theauthorized management apparatus into the original authorized operationmessage, performs a verification procedure by the right level and anoperation task message comprised in the original authorized operationmessage and the right verification message, and executes an operationaccording to the right level and the operation task message.

The delegation management method according to certain embodiments of thepresent invention is suitable for use in an authorized managementapparatus. A network system comprises the authorized managementapparatus, a major management apparatus, and an electronic apparatus.The delegation management method comprises the following steps of:

(a) receiving a delegation deployment message from the major managementapparatus;

(b) performing a verification pattern calculation by an operation taskmessage, and an authorization key, a right token, and a right levelcomprised in the delegation deployment message;

(c) encrypting an original authorized operation message into anauthorized operation message by the authorization key, wherein theoriginal authorized operation message comprises the operation taskmessage and the right level; and

(d) transmitting the authorized operation message to the electronicapparatus so that the electronic apparatus performs a verificationprocedure by a right verification message as well as the right level andthe operation task message comprised in the original authorizedoperation message and so that the electronic apparatus executes anoperation according to the right level and the operation task message.

The delegation management method according to certain embodiments of thepresent invention is suitable for use in an electronic apparatus. Anetwork system comprises the electronic apparatus, a major managementapparatus, and an authorized management apparatus. The delegationmanagement method comprises the following steps of:

(a) receiving a delegation deployment message from the major managementapparatus;

(b) receiving an authorized operation message from the authorizedmanagement apparatus;

(c) decrypting the authorized operation message into an originalauthorized operation message by an authorization key comprised in thedelegation deployment message so as to obtain an operation task messageand a right level;

(d) performing a verification pattern calculation by the right level andthe operation task message comprised in the original authorizedoperation message, the authorization key, and a right verificationmessage; and

(e) executing an operation according to the right level and theoperation task message.

According to certain embodiments of the present invention, the majormanagement apparatus generates a first delegation deployment message anda second delegation deployment message and transmits the firstdelegation deployment message and the second delegation deploymentmessage to the authorized management apparatus and the electronicapparatus respectively. Then, when the authorized management apparatusis to manage/access the electronic apparatus, the authorized managementapparatus generates an original authorized operation message andencrypts the original authorized operation message into an authorizedoperation message by an authorization key comprised in the firstdelegation deployment message. The original authorized operation messagegenerated by the authorized management apparatus comprises an operationtask message and a right level, so the electronic apparatus can executean operation according to the right level and the operation taskmessage.

In the aforesaid mechanism of certain embodiments of the presentinvention, the authorized management apparatus and the delegationmanagement method thereof may perform the verification patterncalculation in one of three different ways. The three ways include:

(1) performing the verification pattern calculation by the authorizationkey, the right token, the right level, and the operation task message toobtain a verification message, wherein the verification message istransmitted to the electronic apparatus;

(2) performing the verification pattern calculation by the authorizationkey, the right token, the right level, and the operation task message toobtain a verification message, with the original authorized operationmessage further comprising the verification message, and theverification message comprised in the original authorized operationmessage being transmitted to the electronic apparatus, and

(3) performing the verification pattern calculation by the authorizationkey, the right token, and the authorized operation message to obtain averification message, wherein the verification message is transmitted tothe electronic apparatus.

Furthermore, in the aforesaid mechanism of certain embodiments of thepresent invention, the electronic apparatus and the delegationmanagement method thereof may firstly generate a right token in the sameway as the major management apparatus and the delegation managementmethod thereof. Specifically, the electronic apparatus and thedelegation management method thereof may generate a right token by theright verification message (and even an additional right calculationauxiliary message), the right level, and a hash function. Then, theelectronic apparatus and the delegation management method thereofperform a verification procedure in a way corresponding to theauthorized management apparatus; that is, the electronic apparatus andthe delegation management method thereof may perform the verificationprocedure in one of the following three different ways.

The first way adopted by the electronic apparatus and the delegationmanagement method thereof is to perform the verification patterncalculation by the authorization key, the right token, the right level,and the operation task message to obtain another verification messageand then determine whether the calculated verification message is thesame as the received verification message. If the calculatedverification message is the same as the received verification message,the electronic apparatus will execute the operation. In case themechanism of the present invention adopts an access right message, thenthe electronic apparatus and the delegation management method thereofwill further determine whether the right level and the operation taskmessage conform to a rule of the access right message after determiningthat the calculated verification message is the same as the receivedverification message. The operation will be executed after determiningthat the right level and the operation task message conform to the ruleof the access right message.

The second way adopted by the electronic apparatus and the delegationmanagement method thereof is to perform the verification patterncalculation by the authorization key, the right token, the right level,and the operation task message to obtain another verification messageand then determine whether the calculated verification message is thesame as the received verification message (comprised in the originalauthorized operation message). If the calculated verification message isthe same as the received verification message, the electronic apparatuswill execute the operation. In case the mechanism of the presentinvention adopts an access right message, the electronic apparatus andthe delegation management method thereof will further determine whetherthe right level and the operation task message conform to a rule of theaccess right message after determining that the calculated verificationmessage is the same as the received verification message. The operationwill be executed after determining that the right level and theoperation task message conform to the rule of the access right message.

The third way adopted by the electronic apparatus and the delegationmanagement method thereof is to perform the verification patterncalculation by the authorization key, the right token, and theauthorized operation message to obtain another verification message andthen determine whether the calculated verification message is the sameas the received verification message. If the calculated verificationmessage is the same as the received verification message, the electronicapparatus will execute the operation. In case the mechanism of thepresent invention adopts an access right message, the electronicapparatus and the delegation management method thereof will furtherdetermine whether the right level and the operation task message conformto a rule of the access right message after determining that thecalculated verification message is the same as the received verificationmessage. The operation will be executed after determining that the rightlevel and the operation task message conform to the rule of the accessright message.

Through the aforesaid mechanism, the major management apparatus ofcertain embodiments of the present invention can flexibly assigndifferent right levels to the authorized management apparatus accordingto the needs of practical applications. After being authorized, theauthorized management apparatus can generate access request message asneed and manage/access the electronic apparatus according to theassigned right levels. The electronic apparatus can also accuratelycontrol and execute the management/access operations of the authorizedmanagement apparatus according to the right levels. Therefore, thepresent invention can solve the problems with the prior art.

The detailed technology and preferred embodiments implemented for thesubject invention are described in the following paragraphs accompanyingthe appended drawings for people skilled in this field to wellappreciate the features of the claimed invention. It is understood thatthe features mentioned hereinbefore and those to be commented onhereinafter may be used not only in the specified combinations, but alsoin other combinations or in isolation, without departing from the scopeof the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A depicts a schematic architecture of a conventional networksystem;

FIG. 1B depicts a user-based delegation mechanism of the prior art;

FIG. 2 depicts a schematic view of a network system 2 according to afirst embodiment;

FIG. 3 depicts a schematic view of signal transmissions according to thefirst embodiment;

FIG. 4 depicts a schematic view of an access right message 4;

FIG. 5A depicts a schematic view illustrating relationships between aright verification message Rm-0, right levels, and right tokens Rm-1,Rm-2;

FIG. 5B depicts a schematic view illustrating relationships between theright verification message Rm-0, a right calculation auxiliary message,right levels, and right tokens Rm-1′, Rm-2′;

FIG. 6A depicts a schematic view of a verification procedure performedby an authorized management apparatus according to the first embodiment;

FIG. 6B depicts a schematic view of a verification procedure performedby an electronic apparatus according to the first embodiment;

FIG. 7A depicts a schematic view of a verification procedure performedby an authorized management apparatus according to a second embodiment;

FIG. 7B depicts a schematic view of a verification procedure performedby an electronic apparatus according to the second embodiment;

FIG. 8A depicts a schematic view of a verification procedure performedby an authorized management apparatus according to a third embodiment;

FIG. 8B depicts a schematic view of a verification procedure performedby an electronic apparatus according to the third embodiment;

FIG. 9A, FIG. 9B and FIG. 9C depict the flowcharts of a delegationmanagement method according to a fourth embodiment;

FIG. 10A and FIG. 10B depict the partial flowcharts of a delegationmanagement method according to a fifth embodiment; and

FIG. 11A and FIG. 11B depict the partial flowcharts of a delegationmanagement method according to a sixth embodiment.

DETAILED DESCRIPTION

In the following descriptions, a major management apparatus, anauthorized management apparatus, an electronic apparatus for delegationmanagement and delegation management methods thereof according to thepresent invention will be explained with reference to exampleembodiments thereof. However, these example embodiments are not intendedto limit the present invention to any specific examples, embodiments,environments, applications, or implementations described in theseembodiments. Therefore, description of these embodiments is only forpurpose of illustration rather than to limit the present invention. Itshall be appreciated that, in the following embodiments and the attacheddrawings, elements not directly related to the present invention areomitted from depiction.

FIG. 2 depicts a schematic view of a network system 2 according to afirst embodiment, while FIG. 3 depicts a schematic view of signaltransmissions according to the first embodiment. The network system 2comprises a major management apparatus 21, an authorized managementapparatus, 23 and an electronic apparatus 25 for delegation management.

The major management apparatus 21 comprises a transceiving interface211, a processing unit 213, and a storage unit 215, wherein theprocessing unit 213 is electrically connected to the transceivinginterface 211 and the storage unit 215. The authorized managementapparatus 23 comprises two transceiving interfaces 231, 235, aprocessing unit 233, and a storage unit 237, wherein the processing unit233 is electrically connected to the transceiving interfaces 231, 235and the storage unit 237. The electronic apparatus 25 comprises astorage unit 251, a processing unit 253, and a transceiving interface255, wherein the processing unit 253 is electrically connected to thestorage unit 251 and the transceiving interface 255.

Each of the transceiving interfaces 211, 231, 235, 255 may be any one ofvarious transceiving interfaces that are well known to those of ordinaryskill in the art. Each of the processing units 213, 233, 253 may be anyone of various processors, central processing units, microprocessors, orother calculating apparatuses that are well known to those of ordinaryskill in the art. Each of the storage units 215, 237, 251 may be any oneof various built-in memories or other storage media that have the samefunction and can readily occur to those of ordinary skill in the art.

At an initial stage, the storage unit 251 of the electronic apparatus 25stores a plurality of resource objects 250 a, . . . , 250 b, each ofwhich may be a datum, a service function, or an apparatus component(e.g., a switch). For example, in this embodiment, the resource object250 a is a service function and the resource object 250 b is a datum.The storage unit 215 of the major management apparatus 21 stores anaccess right message 4 and a schematic view of the content of the accessright message 4 is depicted in FIG. 4. The access right message 4records which kind of right has been delegated by the major managementapparatus 21 to the authorized management apparatus 23; that is, how theauthorized management apparatus 23 manages the electronic apparatus 25when being assigned with different right levels i can be known from theaccess right message 4.

As shown in FIG. 4, the access right message 4 records the operationcodes Op-1, Op-2, Op-4, Op-5, Op-6 that corresponds to different objectcodes OB-1, . . . , OB-K at different right levels i. Each of the objectcodes OB-1, . . . , OB-K corresponds to a resource object. When theresource object corresponding to an object code is a datum, thecorresponding operation code may correspond to data reading, datawriting, data updating, data deleting, or some other operation relatedto the data object. When the resource object corresponding to an objectcode is a service function, the corresponding operation code maycorrespond to execution, suspension, resuming, termination, or someother operation related to the function object. When the resource objectcorresponding to an object code is an apparatus component, thecorresponding operation code may correspond to turn-on, turn-off, orsome other operation related to the apparatus.

For example, in this embodiment, the object codes OB-1, OB-K correspondto the resource objects 250 a, 250 b respectively. As described above,the resource object 250 a is a service function and the resource object250 b is a datum. Further, the operation codes Op-1, Op-2 correspond toexecution and termination respectively and the operation codes Op-4,Op-5, Op-6 correspond to data reading, data writing, and data updatingrespectively.

At a deployment stage of the delegation, the processing unit 213 of themajor management apparatus 21 generates a delegation deployment message302, which comprises an authorization key 200, a right level i, and aright token Rm-N. Furthermore, the processing unit 213 generates adelegation deployment message 304, which comprises the authorization key200 and a right verification message Rm-0. The delegation deploymentmessage 304 may further comprise the access right message 4. The majormanagement apparatus 21 can store the authorization key 200, the rightlevel i, and the right verification message Rm-0 into the storage unit215. Thereafter, the transceiving interface 211 of the major managementapparatus 21 transmits the delegation deployment messages 302, 304 tothe authorized management apparatus 23 and the electronic apparatus 25respectively.

It shall be appreciated that the right level i, the right verificationmessage Rm-0, and the right token Rm-N are correlated with each other.This embodiment provides two ways of generating the right token by theright level i and the right verification message Rm-0, which can be usedalternatively.

Please refer to FIG. 5A for the first way of generating the right token.The major management apparatus 21 determines the degree of the rightlevel i to be assigned to the authorized management apparatus 23. Theprocessing unit 213 then generates the right token Rm-N by the rightverification message Rm-0, the right level i, and a hash function. Theaforesaid hash function may be SHA-1, MD5, or some other hash functionalgorithm having a similar function. Specifically, the right level i isa positive integer, the processing unit 213 generates the right tokenRm-N by executing a predetermined times of the hash function on theright verification message Rm-0, and the predetermined times is equal tothe right level i.

For example, if the right level i is 1, the processing unit 213 willgenerate the right token Rm-1 by executing a hash function h once on theright verification message Rm-0; if the right level is 2, the processingunit 213 will generate the right token Rm-2 by executing the hashfunction operation h twice on the right verification message Rm-0; andso on. Depending on the degree of the right level i, the right tokenRm-N may be the right token Rm-1, the right token Rm-2, or a right tokengenerated by executing the hash function h for some other number oftimes. The hash function h is irreversible. Therefore, in thisembodiment, the smaller the right level i is, the larger the right scopedelegated by the major management apparatus 21 to the authorizedmanagement apparatus 23 will be.

Please refer to FIG. 5B for the second way of generating the righttoken. The major management apparatus 21 determines the degree of theright levels i to be assigned to the authorized management apparatus 23.Then, the processing unit 213 generates the right token Rm-N by theright verification message Rm-0, a right calculation auxiliary messageRm-A, the right level i, and the hash function h. The right calculationauxiliary message Rm-A comprises the access right message 4 and/or adevice code related to the electronic apparatus 25 (e.g., an address ofa hardware network interface card of the electronic apparatus 25, aserial number of a product, other information capable of uniquelyidentifying the electronic apparatus 25, or the like). When the devicecode related to the electronic apparatus 25 is used as the rightcalculation auxiliary message Rm-A, the major management apparatus 21must know this information. The major management apparatus 21 can storethe device code related to the electronic apparatus 25 into the storageunit 215.

Before calculating the right token, the processing unit 213 integratesthe right verification message Rm-0 and the right calculation auxiliarymessage Rm-A together, e.g., through concatenation. Thereafter, if theright level i is 1, the processing unit 213 will generate the righttoken Rm-1′ with the right level of 1 by executing the hash function honce on the integrated right verification message Rm-0 and the rightcalculation auxiliary message Rm-A; if the right level i is 2, theprocessing unit 213 will generate the right token Rm-2′ with the rightlevel of 2 by executing the hash function h twice on the integratedright verification message Rm-0 and the right calculation auxiliarymessage Rm-A; and so on.

If the right token is generated by both the right verification messageRm-0 and the right calculation auxiliary message Rm-A, more precisedelegation management can be achieved. In other words, it is moreclearly specified that the right scope of the right level i is the rightscope defined by the access right message 4 and/or is only limited touse in an electronic apparatus with a specific device code (byincorporating the right calculation auxiliary message Rm-A to calculatethe right token).

The delegation deployment message 302 is received by the transceivinginterface 231 of the authorized management apparatus 23. Theauthorization key 200, the right level i, and the right token Rm-Ncomprised in the delegation deployment message 302 are stored into thestorage unit 237. On the other hand, the delegation deployment message304 is received by the transceiving interface 255 of the electronicapparatus 25 via the authorized management apparatus 23. Theauthorization key 200 and the right verification message Rm-0 comprisedin the delegation deployment message 304 are stored into the storageunit 251. If the delegation deployment message 304 further comprises theaccess right message 4, the access right message 4 is also stored intothe storage unit 251. At this point, the right of managing theelectronic apparatus 25 has been delegated by the major managementapparatus 21 to the authorized management apparatus 23.

Thereafter, when the authorized management apparatus 23 is to manage theelectronic apparatus 25, the processing unit 233 performs a verificationpattern calculation by the authorization key 200, the right token Rm-N,the right level i, and an operation task message. The aforesaidoperation task message may comprise an object code (i.e., an object tobe managed) and an operation code (i.e., an operation to be executed onthe object). The aforesaid verification pattern calculation may be anykind of message authentication code (MAC) calculations such as thehash-based message authentication code (HMAC) calculation and the cipherblock chaining message authentication code (CBC-MAC) calculation.Furthermore, the processing unit 233 encrypts an original authorizedoperation message into an authorized operation message 306 by theauthorization key 200.

Next, the details of the verification pattern calculation performed bythe authorized management apparatus 23 and the generation of theauthorized operation message 306 in this embodiment will be describedwith reference to FIG. 6A. Specifically, the processing unit 233performs the verification pattern calculation VPC by the right tokenRm-N, the right level i, the operation task message 400 (comprising anobject code OB and an operation code OP), and the authorization key 200to obtain a verification message VP1. Furthermore, the processing unit233 views the right level i and the operation task message 400 as theoriginal authorized operation message and generates the authorizedoperation message 306 by executing an encrypting operation EN on theoriginal authorized operation message by the authorization key 200.

The transceiving interface 235 of the authorized management apparatus 23transmits the verification message VP1 and the authorized operationmessage 306 to the electronic apparatus 25, while the transceivinginterface 255 of the electronic apparatus 25 receives the verificationmessage VP1 and the authorized operation message 306. Next, theprocessing unit 253 of the electronic apparatus 25 decrypts theauthorized operation message 306 into the original authorized operationmessage by the authorization key 200 and thus obtains the operation taskmessage 400 and the right level i. Then, the processing unit 253performs a verification procedure by the authorization key 200, theright verification message Rm-0, the right level i, and the operationtask message 400.

Next, the details of how the electronic apparatus 25 processes theauthorized operation message 306 and the verification procedureperformed by the electronic apparatus 25 in this embodiment will bedescribed with reference to FIG. 6B. Specifically, the electronicapparatus 25 executes a decrypting operation DE on the authorizedoperation message 306 by the authorization key 200 so as to generate theoriginal authorized operation message and thus obtains the right level iand the operation task message 400.

Following that, the verification procedure performed by the electronicapparatus 25 will be described. The processing unit 253 firstlygenerates a right token Rm-N′. If the major management apparatus 21previously generates the right token Rm-N for the authorized managementapparatus 23 by the way shown in FIG. 5A, the processing unit 253 of theelectronic apparatus 25 will use the right verification message Rm-0,the right level i, and the same hash function to generate the righttoken Rm-N′. Specifically, the right level i is a positive integer, theprocessing unit 253 generates the right token Rm-N′ by executing apredetermined times of the hash function h on the right verificationmessage Rm-0, and the predetermined times is equal to the right level i.

If the major management apparatus 21 previously generates the righttoken Rm-N by the way shown in FIG. 5B, then the processing unit 253 ofthe electronic apparatus 25 will generate the right token Rm-N′ by theright verification message Rm-0, the right calculation auxiliary messageRm-A, the right level i, and the same hash function. Specifically, theprocessing unit 253 generates the right token Rm-N′ by executing apredetermined time of the hash function h on the right verificationmessage Rm-0 and the right calculation auxiliary message Rm-A and thepredetermined times is equal to the right level i.

Then, the processing unit 253 obtains a verification message VP2 byusing the authorization key 200, the right token Rm-N′, the right leveli and the operation task message 400 to execute the same verificationpattern calculation VPC. Subsequently, the processing unit 253 executesa comparison operation CMP on the verification message VP1 and theverification message VP2, i.e., determines whether the verificationmessage VP1 is the same as the verification message VP2. If theverification message VP1 is different from the verification message VP2(i.e., meaning that the authorized management apparatus 23 does not passthe verification procedure), then the electronic apparatus 25 will notexecute any operation according to the instructions of the authorizedmanagement apparatus 23. If the verification message VP1 is the same asthe verification message VP2, then the processing unit 253 will inquirethe access right message 4 according to the right level i and theoperation task message 400 in order to determine whether to execute anoperation according to the right level i and the operation task message400. If the right level i and the operation task message 400 conform toa rule of the access right message 4, then the processing unit 253 willexecute the corresponding operation according to the right level and theoperation task message 400.

As an example, it is assumed that the authorized management apparatus 23passes the verification procedure, the object code OB and the operationcode OP comprised in the operation task message 400 are the object codeOB-1 and the operation code Op-1 respectively, and the right level iis 1. The processing unit 253 inquires the access right message 4 anddetermines that the object code OB-1 corresponds to the operation codeOp-1 when the right level i is 1, so the processing unit 253 thenexecutes on the resource object 250 a the operation represented by theoperation code Op-1.

As another example, it is assumed that the authorized managementapparatus 23 passes the verification procedure, the object code OB andthe operation code OP comprised in the operation task message 400 arethe object code OB-K and the operation code Op-6 respectively, and theright level i is 2. The processing unit 253 inquires the access rightmessage 4 and determines that the object code OB-K does not correspondto the operation code Op-6 when the right level i is 1, so theprocessing unit 253 will not execute on the resource object 250 bcorresponding to the object code OB-K the operation (i.e., dataupdating) represented by the operation code Op-6.

It shall be appreciated that, the authorization key used during theencrypting operation EN and the decrypting operation DE may be differentfrom the authorization key used during the verification patterncalculation in other implementations. In these implementations, thedelegation deployment messages 302, 304 have to comprise twoauthorization keys individually.

When the authorized management apparatus 23 intends to manage the sameobject or other object in the electronic apparatus 25 subsequently, theauthorized management apparatus 23 simply needs to generate theauthorized operation message 306 again. Depending on which object is tobe managed and which operation is to be executed, the authorizedoperation message 306 generated subsequently may carry different objectcodes and operation codes.

Furthermore, if the major management apparatus 21 intends to increasethe right level i assigned to the authorized management apparatus 23(i.e., decrease the value of the right level i, e.g., change the valueof the right level i from 2 to 1), the major management apparatus 21 hasto generate an additional delegation deployment message that comprisesthe updated right level i and the updated right token. The majormanagement apparatus 21 transmits the new delegation deployment messageto the authorized management apparatus 23. After receiving the newdelegation deployment message, the authorized management apparatus 23obtains the updated right level i and the updated right token.

If the major management apparatus 21 intends to decrease the right leveli assigned to the authorized management apparatus 23 (e.g., change thevalue of the right level i from 1 to 2), then the major managementapparatus 21 has to generate a new right token in the way shown in FIG.5A or FIG. 5B by a new right verification message. Then, the majormanagement apparatus 21 generates an additional delegation deploymentmessage for the authorized management apparatus 23, wherein theadditional delegation deployment message comprises the updated rightlevel i and the updated right token Rm-N. Furthermore, the majormanagement apparatus 21 also generates an additional delegationdeployment message for the electronic apparatus 25, wherein theadditional delegation deployment message comprises the updated rightverification message Rm-0. After the new delegation deployment messagesare received by the authorized management apparatus 23 and theelectronic apparatus 25, the decreasing operation of the right level iscompleted.

Moreover, this embodiment also provides a delegation revoking mechanism.If the major management apparatus 21 intends to suspend delegating theauthorized management apparatus 23 to manage the resource objects (e.g.,the resource objects 250 a, . . . , 250 b) stored in the electronicapparatus 25, the transceiving interface 211 of the major managementapparatus 21 will transmit another delegation deployment message 308 tothe electronic apparatus 25. An authorization key comprised in thedelegation deployment message 308 is different from the authorizationkey comprised in the delegation deployment message 304. The electronicapparatus 25 will change to use the new authorization key afterreceiving the delegation deployment message 308. Therefore, theauthorized management apparatus 23 cannot manage and operate the objectsstored in the electronic apparatus 25 any longer because the authorizedmanagement apparatus 23 and the electronic apparatus 25 have differentauthorization keys.

It shall be appreciated that, in other implementations, both the majormanagement apparatus 21 and the authorized management apparatus 23 arestored with a first device key and the messages/signals transmittedbetween the major management apparatus 21 and the authorized managementapparatus 23 are all encrypted by the first device key. Besides, boththe major management apparatus 21 and the electronic apparatus 25 arestored with a second device key and the messages/signals transmittedbetween the major management apparatus 21 and the electronic apparatus25 are all encrypted by the second device key.

According to the above descriptions, in the first embodiment, the majormanagement apparatus 21 transmits the delegation deployment messages302, 304 comprising the authorization key 200 to the authorizedmanagement apparatus 23 and the electronic apparatus 25 respectively sothat transmission of messages/signals between the authorized managementapparatus 23 and the electronic apparatus 25 can be protected by theauthorization key 200. Then, the authorized management apparatus 23 cansecurely transmit the authorized operation message 306 to the electronicapparatus 25 so that the electronic apparatus 25 executes an operationaccording to the right level i and the operation task message 400comprised in the authorized operation message 306. In this way, themajor management apparatus 21 can delegate the authorized managementapparatus 23 to manage the electronic apparatus 25. Besides, through theaccess right message 4, the major management apparatus 21 can delegatethe delegation management to the authorized management apparatus 23 in afiner way, i.e., can further perform different management operationright controls on the objects respectively. Furthermore, by transmittingthe new delegation deployment message 308, the delegating operations ofmanaging the electronic apparatus 25 can also be revoked to achieve aflexible management effect.

Next, a second embodiment of the present invention will be described.The second embodiment differs from the first embodiment in theauthorized operation message 306 generated by the authorized managementapparatus 23, the verification pattern calculation performed by theauthorized management apparatus 23, how the electronic apparatus 25processes the authorized operation message 306, and the verificationprocedure performed by the electronic apparatus 25. Except the abovedifferences, the second embodiment can execute all the operationsdescribed in the first embodiment. Therefore, only the differencesbetween the second embodiment and the first embodiment will be describedhereinbelow.

Please refer to FIG. 7A for the details of the verification patterncalculation performed by the authorized management apparatus 23 and thegeneration of the authorized operation message 306 in this embodiment.The processing unit 233 of the authorized management apparatus 23performs a verification pattern calculation VPC by the authorization key200, the right token Rm-N, the right level i, and the operation taskmessage 400 to obtain a verification message VP1. Then, the processingunit 233 views the right level i, the operation task message 400, andthe verification message VP1 as the original authorized operationmessage. The processing unit 233 generates the authorized operationmessage 306 by executing an encrypting operation EN on the originalauthorized operation message by the authorization key 200 and thetransceiving interface 235 transmits the authorized operation message306 to the electronic apparatus 25.

Please refer to FIG. 7B, which illustrates how the electronic apparatus25 of this embodiment processes the authorized operation message 306 andperforms the verification procedure. After the authorized operationmessage 306 is received by the transceiving interface 255 of theelectronic apparatus 25, the processing unit 253 executes a decryptingoperation DE on the authorized operation message 306 by theauthorization key 200 to generate the original authorized operationmessage and thus obtains the right level i, the operation task message400, and the verification message VP1. Then, the processing unit 253generates a right token Rm-N′ by the right verification message Rm-0,the right level i, and the same hash function. If the major managementapparatus 21 previously generates the right token Rm-N by the way shownin FIG. 5B, then the processing unit 253 of the electronic apparatus 25use the right verification message Rm-0, the right calculation auxiliarymessage Rm-A, the right level i, and the same hash function to generatethe right token Rm-N′. Then, the processing unit 253 obtains averification message VP2 by using the authorization key 200, the righttoken Rm-N′, the right level i, and the operation task message 400 toexecute the same verification pattern calculation VPC.

Likewise, the processing unit 253 executes a comparison operation CMP onthe verification message VP1 and the verification message VP2, i.e.,determines whether the verification message VP1 is the same as theverification message VP2. If the verification message VP1 is the same asthe verification message VP2 (meaning that the authorized managementapparatus 23 passes the verification procedure), then the processingunit 253 will inquire the access right message 4 according to the rightlevel i and the operation task message 400 so as to determine whether toexecute an operation according to the right level i and the operationtask message 400. If the right level i and the operation task message400 conform to the rule of the access right message 4, then theprocessing unit 253 will execute the corresponding operation accordingto the right level i and the operation task message 400. If theverification message VP1 is different from the verification message VP2(meaning that the authorized management apparatus 23 does not pass theverification procedure), then the electronic apparatus 25 will notexecute any operation according to the instructions of the authorizedmanagement apparatus 23.

It shall be appreciated that, the authorization key used during theencrypting operation EN/the decrypting operation DE may be differentfrom the authorization key used during the verification patterncalculation in other implementations. In these implementations, theprevious delegation deployment messages 302, 304 need to comprise twoauthorization keys.

In addition to the aforesaid verification procedure, the secondembodiment can also execute other operations that can be executed by thefirst embodiment. As those operations have been addressed in detail inthe first embodiment, they are not repeated here.

Next, a third embodiment of the present invention will be described. Thethird embodiment differs from the first embodiment in the authorizedoperation message 306 generated by the authorized management apparatus23, the verification pattern calculation performed by the authorizedmanagement apparatus 23, how the electronic apparatus 25 processes theauthorized operation message 306, and the verification procedureperformed by the electronic apparatus 25. Except the above differences,the third embodiment can execute all the operations described in thefirst embodiment. Therefore, only the differences between the thirdembodiment and the first embodiment will be described hereinbelow.

Please refer to FIG. 8A for the details about the verification patterncalculation performed by the authorized management apparatus 23 and theprocesses for generating the authorized operation message 306 in thisembodiment. The processing unit 233 views the right level i and theoperation task message 400 as the original authorized operation messageand executes an encrypting operation EN on the original authorizedoperation message by the authorization key 200 to generate theauthorized operation message 306. Then, the processing unit 233 performsa verification pattern calculation VPC by the authorization key 200, theright token Rm-N, and the authorized operation message 306 to obtain averification message VP1. The transceiving interface 235 of theauthorized management apparatus 23 transmits the authorized operationmessage 306 and the verification message VP1 to the electronic apparatus25, while the transceiving interface 255 of the electronic apparatus 25receives the authorized operation message 306 and the verificationmessage VP1.

Please refer to FIG. 8B, which illustrates how the electronic apparatus25 processes the authorized operation message 306 and performs theverification procedure in this embodiment. The electronic apparatus 25executes a decrypting operation DE on the authorized operation message306 by the authorization key 200 to generate the original authorizedoperation message and thus obtains the right level i and the operationtask message 400. Then, the processing unit 253 uses the rightverification message Rm-0, the right level i, and the same hash functionto generate a right token Rm-N′. If the major management apparatus 21previously generates the right token Rm-N in the way shown in FIG. 5B,then the processing unit 253 of the electronic apparatus 25 will use theright verification message Rm-0, the right calculation auxiliary messageRm-A, the right level i, and the same hash function to generate theright token Rm-N′. Then, the processing unit 253 obtains a verificationmessage VP2 by using the right token Rm-N′ and the authorized operationmessage 306 to execute the same verification pattern calculation VPC.

Likewise, the processing unit 253 executes a comparison operation CMP onthe verification message VP1 and the verification message VP2, i.e.,determines whether the verification message VP1 is the same as theverification message VP2. If the verification message VP1 is the same asthe verification message VP2 (meaning that the authorized managementapparatus 23 passes the verification procedure), then the processingunit 253 will inquire the access right message 4 according to the rightlevel i and the operation task message 400 so as to determine whether toexecute an operation according to the right level i and the operationtask message 400. If the right level i and the operation task message400 conform to a rule of the access right message 4, then the processingunit 253 will execute the corresponding operation according to the rightlevel i and the operation task message 400. If the verification messageVP1 is different from the verification message VP2 (meaning that theauthorized management apparatus 23 does not pass the verificationprocedure), then the electronic apparatus 25 will not execute anyoperation according to the instructions of the authorized managementapparatus 23.

It shall be appreciated that, the authorization key used during theencrypting operation EN/the decrypting operation DE may be differentfrom the authorization key used during the verification patterncalculation in other implementations. In these implementations, thedelegation deployment messages 302, 304 need to comprise twoauthorization keys.

In addition to the aforesaid verification procedure, the thirdembodiment can also execute other operations that can be executed by thefirst embodiment. As those operations have been addressed in detail inthe first embodiment, they are not repeated here.

A fourth embodiment of the present invention is a delegation managementmethod, which is suitable for use in a network system comprising a majormanagement apparatus, an authorized management apparatus, and anelectronic apparatus. FIG. 9A, FIG. 9B, and FIG. 9C depict theflowcharts of the delegation management methods executed by the majormanagement apparatus, the authorized management apparatus, and theelectronic apparatus respectively.

Firstly, the delegation management method executed by the majormanagement apparatus will be described. Step S901 is executed to enablethe major management apparatus to generate a right token. If the majormanagement apparatus has generated the right token previously, then thestep S901 can be omitted. This embodiment provides two ways ofgenerating the right token, which can be used alternatively.

Hereinbelow, the first way of generating the right token will bedescribed firstly. The step S901 may use a right verification message, aright level, and a hash function to generate the right token.Specifically, the value of the right level is a positive integer, thestep S901 may generate the right token by executing a predeterminedtimes of the hash function on the right verification message, and thepredetermined times is equal to the right level, as shown in FIG. 5A.

Then, the second way of generating the right token will be described.The step S901 may generate the right token by a right verificationmessage, a right calculation auxiliary message, a right level, and ahash function. The right calculation auxiliary message comprises anaccess right message and/or a device code associated with the electronicapparatus. Specifically, the value of the right level is a positiveinteger, the step S901 may generate the right token by executing apredetermined times of the hash function on the right verificationmessage and the right calculation auxiliary message, and thepredetermined times is equal to the right level, as shown in FIG. 5B.

Then, step S902 is executed to enable the major management apparatus togenerate a first delegation deployment message, which comprises anauthorization key, the right level, and the right token. Step S903 isexecuted to enable the major management apparatus to generate a seconddelegation deployment message, which comprises the same authorizationkey and the right verification message. The second delegation deploymentmessage may further comprise the access right message as shown in FIG.4. It shall be appreciated that the execution orders of the step S902and the step S903 may be exchanged.

Then, step S904 and step S905 are executed to enable the majormanagement apparatus to transmit the first delegation deployment messageto the authorized management apparatus and transmit the seconddelegation deployment message to the electronic apparatus respectively.It shall be appreciated that the execution orders of the step S904 andthe step S905 may be exchanged.

If both the major management apparatus 21 and the authorized managementapparatus 23 are stored with a first device key and both the majormanagement apparatus 21 and the electronic apparatus 25 are stored witha second device key in other implementations, then the first delegationdeployment message generated in the step S902 is encrypted by the firstdevice key and the second delegation deployment message generated in thestep S903 is encrypted by the second device key.

Then, the delegation management method executed by the authorizedmanagement apparatus will be described. Step S911 is executed to enablethe authorized management apparatus to receive the first delegationdeployment message from the major management apparatus and thus obtainthe authorization key, the right token, and the right level. Then, stepS912 is executed to enable the authorized management apparatus toperform a verification pattern calculation by the authorization key, theright token, the right level, and an operation task message to obtain afirst verification message as shown in FIG. 6A. The aforesaid operationtask message comprises an object code (i.e., an object in the electronicapparatus 25 to be managed) and an operation code (i.e., an operation tobe executed).

Then, step S913 is executed to enable the authorized managementapparatus to encrypt an original authorized operation message into anauthorized operation message by the authorization key. The originalauthorized operation message comprises the right level and the operationtask message as shown in FIG. 6A. Then, step S914 and step S915 areexecuted to enable the authorized management apparatus to transmit theauthorized operation message and the first verification message to theelectronic apparatus respectively. It shall be appreciated that theexecution orders of the step S914 and the step S915 may be exchanged orthe step S914 and the step S915 may be combined together.

Referring to FIG. 9C and FIG. 6B together, the delegation managementmethod executed by the electronic apparatus will be described. Step S921is executed to enable the electronic apparatus to receive the seconddelegation deployment message from the major management apparatus andthus obtain an authorization key and a right verification message andeven further obtain an access right message. Then, step S922 is executedto enable the electronic apparatus to receive the authorized operationmessage from the authorized management apparatus. Step S923 is executedto enable the electronic apparatus to decrypt the authorized operationmessage into the original authorized operation message by theauthorization key so as to obtain the operation task message and theright level.

Then, step S924 is executed to enable the electronic apparatus toreceive the first verification message from the authorized managementapparatus. Subsequently, step S925 is executed to enable the electronicapparatus to generate a second right token by the right verificationmessage, the right level, and the hash function. If the step S901generates the first right token in the way shown in FIG. 5B, then thestep S925 generates the second right token by the right verificationmessage, the right calculation auxiliary message, the right level, andthe hash function. Step S926 is executed to enable the electronicapparatus to perform the same verification pattern calculation as thatin the step S912 by the authorization key, the second right token, theright level, and the operation task message to obtain a secondverification message.

Then, step S927 is executed to enable the electronic apparatus todetermine whether the first verification message is the same as thesecond verification message. If it is determined in the step S927 thatthe first verification message is different from the second verificationmessage, then the operation at this stage is ended. If it is determinedin the step S927 that the first verification message is the same as thesecond verification message, then step S928 is executed. Step S928 isexecuted to enable the electronic apparatus to determine whether theright level and the operation task message conform to a rule of theaccess right message. If the determination result of the step S928 is“no”, then the operation at this stage is ended. If the result of thestep S928 is “yes”, then the electronic apparatus executes an operationaccording to the right level and the operation task message.

In addition to the aforesaid steps, the delegation management method ofthe fourth embodiment can also execute all the operations and functionsset forth in the first embodiment. How the fourth embodiment executesthese operations and functions can be readily appreciated by those ofordinary skill in the art based on the explanation of the firstembodiment, and thus will not be further described herein.

A fifth embodiment of the present invention is a delegation managementmethod, which is also suitable for use in a network system comprising amajor management apparatus, an authorized management apparatus, and anelectronic apparatus. The steps executed in the fifth embodiment aresimilar to those executed in the fourth embodiment, so only thedifferences between the two embodiments will be detailed hereinbelow.

In this embodiment, the major management apparatus also executes thesteps as shown in FIG. 9A, which will not be further described herein.

FIG. 10A depicts a flowchart of the delegation management methodexecuted by the authorized management apparatus of this embodiment.Similarly, the authorized management apparatus firstly executes the stepS911 and the step S912, which have been detailed above and thus will notbe further described herein. In the subsequent step S913, the encryptedoriginal authorized operation message further comprises the firstverification message generated in the step S912 in addition to theoperation task message and the right level. For convenience ofunderstanding, please refer to FIG. 7A together for the operationaldetails of the step S912 and the step S913. Since the first verificationmessage has been comprised in the original authorized operation messagewhich is encrypted into the authorized operation message, only step S914is executed subsequently to transmit the authorized operation message tothe electronic apparatus.

FIG. 10B depicts a flowchart of the delegation management methodexecuted by the electronic apparatus of this embodiment. Please refer toFIG. 7B together for convenience of understanding. In this embodiment,the electronic apparatus firstly executes the step S921 and the stepS922, which have been detailed in the previous embodiment and thus willnot be further described herein. Then, step S930 is executed to enablethe electronic apparatus to decrypt the authorized operation messageinto the original authorized operation message by the authorization keyso as to obtain the operation task message, the right level, and thefirst verification message.

Then, step S925 is executed to enable the electronic apparatus togenerate a second right token by the right verification message, theright level, and the hash function. If the step S901 generates the firstright token in the way shown in FIG. 5B, then the step S925 generatesthe second right token by the right verification message, the rightcalculation auxiliary message, the right level, and the hash function.Step S926 is executed to enable the electronic apparatus to perform thesame verification pattern calculation as that in the step S912 by theauthorization key, the second right token, the right level, and theoperation task message to obtain a second verification message.

Then, step S927 is executed to enable the electronic apparatus todetermine whether the first verification message is the same as thesecond verification message. If it is determined in the step S927 thatthe first verification message is different from the second verificationmessage, then the operation at this stage is ended. If it is determinedin the step S927 that the first verification message is the same as thesecond verification message, then step S928 is executed. Step S928 isexecuted to enable the electronic apparatus to determine whether theright level and the operation task message conform to a rule of theaccess right message. If the determination result of the step S928 is“no”, then the operation at this stage is ended. If the result of thestep S928 is “yes”, then the electronic apparatus executes an operationaccording to the right level and the operation task message.

In addition to the aforesaid steps, the delegation management method ofthe fifth embodiment can also execute all the operations and functionsset forth in the second embodiment. How the fifth embodiment executesthese operations and functions can be readily appreciated by those ofordinary skill in the art based on the explanation of the secondembodiment, and thus will not be further described herein.

A sixth embodiment of the present invention is a delegation managementmethod, which is also suitable for use in a network system comprising amajor management apparatus, an authorized management apparatus, and anelectronic apparatus. The steps executed in the sixth embodiment aresimilar to those executed in the fourth embodiment, so only differencesbetween the two embodiments will be detailed hereinbelow.

In this embodiment, the major management apparatus also executes thesteps as shown in FIG. 9A, which will not be further described herein.FIG. 11A and FIG. 11B depict flowchart diagrams of the delegationmanagement methods executed by the authorized management apparatus andthe electronic apparatus of this embodiment respectively.

Please refer to FIG. 11A and FIG. 8A firstly. In this embodiment, theauthorized management apparatus firstly executes the step S911, whichhas been detailed in the fourth embodiment and thus will not be furtherdescribed herein. Then, step S913 is executed to enable the authorizedmanagement apparatus to use the authorization key to encrypt an originalauthorized operation message into an authorized operation message. Theoriginal authorized operation message comprises an operation taskmessage and the right level. Then, step S912 is executed to perform averification pattern calculation by the authorization key, the firstright token, and the authorized operation message to obtain a firstverification message. Subsequently, steps S914 and S915 are executed.

Please refer to FIG. 11B and FIG. 8B. In this embodiment, the electronicapparatus firstly executes the step S921 to the step S925, which havebeen detailed in the fourth embodiment and thus will not be furtherdescribed herein. Then, step S931 is executed to enable the electronicapparatus to perform a verification pattern calculation by theauthorization key, the second right token, and the authorized operationmessage to obtain a second verification message. Subsequently, stepsS927 to S929 are executed.

In addition to the aforesaid steps, the delegation management method ofthe sixth embodiment can also execute all the operations and functionsset forth in the third embodiment. How the sixth embodiment executesthese operations and functions can be readily appreciated by those ofordinary skill in the art based on the explanation of the thirdembodiment, and thus will not be further described herein.

In addition, the delegation management method described in the fourth tothe sixth embodiments may be implemented by a computer program product.When the computer program product is loaded into the major managementapparatus, the authorized management apparatus and the electronicapparatus and a plurality of codes comprised therein is executed, thedelegation management method described in the fourth to the sixthembodiments can be accomplished. The aforesaid computer program productmay be stored in a tangible machine-readable medium, such as a read onlymemory (ROM), a flash memory, a floppy disk, a hard disk, a compactdisk, a mobile disk, a magnetic tape, a database accessible to networks,or any other storage media with the same function and well known tothose skilled in the art.

According to the present invention, the major management apparatusgenerates a first delegation deployment message and a second delegationdeployment message and transmits the first delegation deployment messageand the second delegation deployment message to the authorizedmanagement apparatus and the electronic apparatus respectively. Then,when the authorized management apparatus is to access the electronicapparatus, the authorized management apparatus firstly generates anoriginal authorized operation message, and encrypts the originalauthorized operation message into an authorized operation message. Theoriginal authorized operation message comprises an operation taskmessage and a right level, so the electronic apparatus can execute anoperation according to the right level and the operation task message.Furthermore, the present invention also provides a plurality ofverification procedures, which enable the delegation managementoperations to proceed more securely.

Through the aforesaid mechanism, the major management apparatus of thepresent invention can flexibly assign different right levels to theauthorized management apparatus according to the needs of practicalapplications. After being authorized, the authorized managementapparatus can manage/access the electronic apparatus according to theassigned right levels. The electronic apparatus can also accuratelycontrol and execute the management/access operations of the authorizedmanagement apparatus according to the right levels. Therefore, thepresent invention can solve the problems with the prior art.

The above disclosure is related to the detailed technical contents andinventive features thereof. People skilled in this field may proceedwith a variety of modifications and replacements based on thedisclosures and suggestions of the invention as described withoutdeparting from the characteristics thereof. Nevertheless, although suchmodifications and replacements are not fully disclosed in the abovedescriptions, they have substantially been covered in the followingclaims as appended.

What is claimed is:
 1. A major management apparatus for delegationmanagement, a network system comprising the major management apparatus,an authorized management apparatus, and an electronic apparatus, themajor management apparatus comprising: a processing unit, beingconfigured to generate a first delegation deployment message and asecond delegation deployment message, wherein the first delegationdeployment message comprises an authorization key, a right level, and aright token and the second delegation deployment message comprises theauthorization key and a right verification message; and a transceivinginterface, being electrically connected to the processing unit andconfigured to transmit the first delegation deployment message to theauthorized management apparatus so that the authorized managementapparatus uses the authorization key to encrypt an original authorizedoperation message into an authorized operation message; wherein thetransceiving interface further transmits the second delegationdeployment message to the electronic apparatus so that the electronicapparatus uses the authorization key to decrypt the authorized operationmessage received from the authorized management apparatus into theoriginal authorized operation message and so that the electronicapparatus performs a verification procedure by the right verificationmessage as well as the right level and an operation task messagecomprised in the original authorized operation message and executes anoperation according to the right level and the operation task message.2. The major management apparatus of claim 1, wherein the processingunit further generates the right token by the right verificationmessage, the right level, and a hash function.
 3. The major managementapparatus of claim 2, wherein the right level is a positive integer, theprocessing unit generates the right token by executing a predeterminedtimes of the hash function on the right verification message, and thepredetermined number is equal to the right level.
 4. The majormanagement apparatus of claim 1, further comprising: a storage unit,being configured to store an access right message; wherein the seconddelegation deployment message further comprises the access rightmessage, the processing unit further generates the right token by theright verification message, a right calculation auxiliary message, theright level, and a hash function, and the right calculation auxiliarymessage comprises one of the access right message, a device codeassociated with the electronic apparatus, and the combination thereof.5. The major management apparatus of claim 4, wherein the right level isa positive integer, the processing unit generates the right token byexecuting a predetermined times of the hash function on the rightverification message and the right calculation auxiliary message, andthe predetermined times is equal to the right level.
 6. A delegationmanagement method for a major management apparatus, a network systemcomprising the major management apparatus, an authorized managementapparatus, and an electronic apparatus, the delegation management methodcomprising the following steps of: (a) generating a first delegationdeployment message, wherein the first delegation deployment messagecomprises an authorization key, a right level, and a right token; (b)generating a second delegation deployment message, wherein the seconddelegation deployment message comprises the authorization key and aright verification message; (c) transmitting the first delegationdeployment message to the authorized management apparatus so that theauthorized management apparatus uses the authorization key to encrypt anoriginal authorized operation message into an authorized operationmessage; and (d) transmitting the second delegation deployment messageto the electronic apparatus so that the electronic apparatus uses theauthorization key to decrypt the authorized operation message from theauthorized management apparatus into the original authorized operationmessage and so that the electronic apparatus performs a verificationprocedure by the right verification message as well as the right leveland an operation task message comprised in the original authorizedoperation message and executes an operation according to the right leveland the operation task message.
 7. The delegation management method ofclaim 6, further comprising the following step of: (e) generating theright token by the right verification message, the right level, and ahash function.
 8. The delegation management method of claim 7, whereinthe right level is a positive integer, the step (e) generates the righttoken by executing a predetermined times of the hash function on theright verification message, and the predetermined times is equal to theright level.
 9. The delegation management method of claim 6, wherein thesecond delegation deployment message further comprises an access rightmessage, the delegation management method further comprises thefollowing step of: (e) generating the right token by the rightverification message, a right calculation auxiliary message, the rightlevel, and a hash function, wherein the right calculation auxiliarymessage comprises one of the access right message, a device codeassociated with the electronic apparatus, and the combination thereof.10. The delegation management method of claim 9, wherein the right levelis a positive integer, the step (e) generates the right token byexecuting a predetermined times of the hash function on the rightverification message and the right calculation auxiliary message, andthe predetermined times is equal to the right level.